{"id":807166,"url":"http://patchwork.ozlabs.org/api/1.2/patches/807166/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20170829162727.13081-1-berrange@redhat.com/","project":{"id":14,"url":"http://patchwork.ozlabs.org/api/1.2/projects/14/?format=json","name":"QEMU Development","link_name":"qemu-devel","list_id":"qemu-devel.nongnu.org","list_email":"qemu-devel@nongnu.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170829162727.13081-1-berrange@redhat.com>","list_archive_url":null,"date":"2017-08-29T16:27:27","name":"crypto: fix test cert generation to not use SHA1 algorithm","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"2a40d6be491533ff70e0961436f18ad8abf8ca2c","submitter":{"id":2694,"url":"http://patchwork.ozlabs.org/api/1.2/people/2694/?format=json","name":"Daniel P. Berrangé","email":"berrange@redhat.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/qemu-devel/patch/20170829162727.13081-1-berrange@redhat.com/mbox/","series":[{"id":403,"url":"http://patchwork.ozlabs.org/api/1.2/series/403/?format=json","web_url":"http://patchwork.ozlabs.org/project/qemu-devel/list/?series=403","date":"2017-08-29T16:27:27","name":"crypto: fix test cert generation to not use SHA1 algorithm","version":1,"mbox":"http://patchwork.ozlabs.org/series/403/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/807166/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/807166/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":"patchwork-incoming@bilbo.ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=nongnu.org\n\t(client-ip=2001:4830:134:3::11; helo=lists.gnu.org;\n\tenvelope-from=qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org;\n\treceiver=)","ext-mx01.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com","ext-mx01.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=berrange@redhat.com"],"Received":["from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])\n\t(using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xhYw26cMpz9t38\n\tfor ;\n\tWed, 30 Aug 2017 02:28:02 +1000 (AEST)","from localhost ([::1]:45977 helo=lists.gnu.org)\n\tby lists.gnu.org with esmtp (Exim 4.71) (envelope-from\n\t)\n\tid 1dmjMt-0006Mi-9R\n\tfor incoming@patchwork.ozlabs.org; Tue, 29 Aug 2017 12:27:59 -0400","from eggs.gnu.org ([2001:4830:134:3::10]:39438)\n\tby lists.gnu.org with esmtp (Exim 4.71)\n\t(envelope-from ) id 1dmjMZ-0006MS-Nw\n\tfor qemu-devel@nongnu.org; Tue, 29 Aug 2017 12:27:40 -0400","from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)\n\t(envelope-from ) id 1dmjMU-0006iJ-PJ\n\tfor qemu-devel@nongnu.org; Tue, 29 Aug 2017 12:27:39 -0400","from mx1.redhat.com ([209.132.183.28]:54686)\n\tby eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)\n\t(Exim 4.71) (envelope-from ) id 1dmjMU-0006hp-Ir\n\tfor qemu-devel@nongnu.org; Tue, 29 Aug 2017 12:27:34 -0400","from smtp.corp.redhat.com\n\t(int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id 653A38535D\n\tfor ; Tue, 29 Aug 2017 16:27:33 +0000 (UTC)","from t460.redhat.com (unknown [10.33.36.95])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id 851FA7053D;\n\tTue, 29 Aug 2017 16:27:32 +0000 (UTC)"],"DMARC-Filter":"OpenDMARC Filter v1.3.2 mx1.redhat.com 653A38535D","From":"\"Daniel P. Berrange\" ","To":"qemu-devel@nongnu.org","Date":"Tue, 29 Aug 2017 17:27:27 +0100","Message-Id":"<20170829162727.13081-1-berrange@redhat.com>","X-Scanned-By":"MIMEDefang 2.79 on 10.5.11.13","X-Greylist":"Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.25]);\n\tTue, 29 Aug 2017 16:27:33 +0000 (UTC)","X-detected-operating-system":"by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]\n\t[fuzzy]","X-Received-From":"209.132.183.28","Subject":"[Qemu-devel] [PATCH] crypto: fix test cert generation to not use\n\tSHA1 algorithm","X-BeenThere":"qemu-devel@nongnu.org","X-Mailman-Version":"2.1.21","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Errors-To":"qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org","Sender":"\"Qemu-devel\"\n\t"},"content":"GNUTLS 3.6.0 marked SHA1 as untrusted for certificates.\nUnfortunately the gnutls_x509_crt_sign() method we are\nusing to create certificates in the test suite is fixed\nto always use SHA1. We must switch to a different method\nand explicitly ask for SHA256.\n\nSigned-off-by: Daniel P. Berrange \n---\n tests/crypto-tls-x509-helpers.c | 3 ++-\n 1 file changed, 2 insertions(+), 1 deletion(-)","diff":"diff --git a/tests/crypto-tls-x509-helpers.c b/tests/crypto-tls-x509-helpers.c\nindex 64073d3bd3..173d4e28fb 100644\n--- a/tests/crypto-tls-x509-helpers.c\n+++ b/tests/crypto-tls-x509-helpers.c\n@@ -406,7 +406,8 @@ test_tls_generate_cert(QCryptoTLSTestCertReq *req,\n * If no 'ca' is set then we are self signing\n * the cert. This is done for the root CA certs\n */\n- err = gnutls_x509_crt_sign(crt, ca ? ca : crt, privkey);\n+ err = gnutls_x509_crt_sign2(crt, ca ? ca : crt, privkey,\n+ GNUTLS_DIG_SHA256, 0);\n if (err < 0) {\n g_critical(\"Failed to sign certificate %s\",\n gnutls_strerror(err));\n","prefixes":[]}